Abstract
The US/EU Privacy Shield invalidation has brought back on the table the issue of suitable instruments to safely transfer personal data from the EU to third party countries. Surprisingly, certification might be an option although the invalidation of the self-certification process proposed by the Privacy Shield. Third-party certification schemes approved by the EU supervisory authorities have been recognized by the GDPR as a suitable instrument to transfer personal data in third countries. Third-party certification theoretically offers some advantages compared to other recognized instruments like the Binding Corporate Rules and Standard Contractual Clauses. Following the principle 'certified once, accepted everywhere', certification under Article 42.2 regime authorizes the data importers established in third countries to work with many EU exporters without having to strike an agreement every time. Moreover, third-party certification offers a level of monitoring the other contractual instruments are unable to provide. But, the establishment of certification schemes under Article 42.2 regime leaves many questions open and approved schemes are still down the road. Another option could be to recognize certification schemes available on the market as soon as they demonstrate that appropriate safeguards are applied to the transfer and management of the data. But again, this option is debatable as the paper shows.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
